Shrtr
Sign in Sign up

Cookie Policy

Last updated: 16 July 2026

Shrtr sets only the cookies it needs to work — no advertising, no analytics, no cross-site tracking. This page lists every one, in plain English. See also our Privacy Policy. Questions: support@shrtr.top.

1. Cookies we set

All of these are first-party. None of them profiles you or follows you across other sites.

Cookie What it does Category Expires
PHPSESSID Keeps you signed in for the current visit and carries the CSRF token that protects form submissions. A session also starts when you shorten a link, so that link can be added to your account if you then sign up in the same browser. Strictly necessary When you close the browser
ui_theme Remembers your light / dark / auto choice. Set only when you use the theme switch, and holds nothing but that preference — no identifier. Functional (preference) 1 year
REMEMBERME Keeps you signed in across visits. Set only if you tick “Keep me signed in”. It stores a signed value, not readable account data, and is invalidated if you change your password or email. Functional (opt-in) 30 days

2. Third-party cookies

Two subprocessors may set their own cookies, and only where their feature is actually used:

  • Cloudflare Turnstile — the anti-abuse check on the create, sign-in, and waitlist forms. Turnstile is designed to be privacy-preserving and is there purely to keep spam and bots out.
  • Stripe — only on the checkout and billing-portal pages, to run the payment securely as merchant of record.

These are governed by Cloudflare's and Stripe's own privacy notices. We load no advertising, analytics, social, or session-recording scripts anywhere on the site.

3. Why there's no cookie banner

Every cookie above is either strictly necessary for a feature you asked for (signing in, protecting a form) or a functional preference you set yourself (your theme, staying signed in). Under the EU ePrivacy Directive and the UK's PECR, cookies of this kind do not require opt-in consent — so we don't interrupt you with a banner. We would only add one if we ever introduced non-essential tracking, and “no tracking” is a promise we intend to keep.

4. Controlling cookies

You can clear or block cookies in your browser settings at any time. Note that blocking the strictly-necessary session cookie will stop you from signing in, and blocking the functional ones simply means the site won't remember your theme or keep you signed in — nothing else breaks. You can still shorten links with cookies blocked; you just won't be able to sign in or have a link added to your account afterwards.

5. Changes to this policy

If the cookies we use change, we'll update this page and the date at the top. For anything else about how we handle your data, see the Privacy Policy.